Companies are increasingly allowing employees and contractors to bring their own devices to work and access corporate data, email, and other information. Information technology departments need ways to manage these personal devices to ensure their security. Some operating system or device manufacturers have therefore started offering native device management software that provides basic functionality like the ability to remotely wipe corporate data from a personal device.
For many organizations, the basic functionality offered by native device management software does not adequately address their concerns. As a result, companies can require that employees install enhanced mobile device management software that provides more advanced configuration and protection.
For devices that already include native management and should also use enhanced management software, an issue arises with being able to detect whether the enhanced management software has been uninstalled. The device may not report an uninstall event to a server because the native agent locally stores whether it is enrolled. There is therefore a need to ensure that enhanced management software is active, and also to prevent a user from making any changes to the configuration settings of the enhanced management software. For example, a user can uninstall the software or delete a database stored on the device that indicates the device is enrolled with management software. The user can then bypass securities offered by the enhanced software by disabling firewall protections, turning off automatic software updates, and disabling other features designed to keep the device secure using the enhanced management software.